Practical Domain and Type Enforcement for UNIX

Badger, Lee; Sterne, D.; Sherman, David; Walker, Kenneth; Haghighat, Sheila A.

doi:10.1109/secpri.1995.398923

Cited by 132 publications

(147 citation statements)

References 14 publications

Supporting

Mentioning

147

Contrasting

Order By: Relevance

“…Furthermore, s i has the right to access o i in the op i mode. A run π has a flow from an objectô 1 to a subjectŝ k provided there is a flow pathô 1 …”

Section: Preliminariesmentioning

confidence: 99%

“…While MAC is not susceptible to Trojan Horse attacks, many solutions proposed to prevent any such data leakage exploit employing labels or type based access control. Boebert et al [3], Badger et al [1] and Boebert and Kain [4] are some of the studies that address confidentiality violating data flows. Mao et al [21] propose a label based MAC over a DAC system.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Preventing Unauthorized Data Flows

Uzun

Parlato

Atluri

et al. 2017

Data and Applications Security and Privacy XXXI

View full text Add to dashboard Cite

Abstract. Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.

show abstract

“…Furthermore, s i has the right to access o i in the op i mode. A run π has a flow from an objectô 1 to a subjectŝ k provided there is a flow pathô 1 …”

Section: Preliminariesmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Preventing Unauthorized Data Flows

Uzun

Parlato

Atluri

et al. 2017

Data and Applications Security and Privacy XXXI

View full text Add to dashboard Cite

show abstract

“…Domain and Type Enforcement (DTE) (see [28] for example) assigns a subject to a specific domain and an object to a specific type and enforces information flow by specifying the read and write permissions in the form of a matrix. A classic example of the application of DTE is to address the problem of trusted pipelines.…”

Section: Configuring Domain and Type Enforcement In G-sis Cmentioning

confidence: 99%

“…In this paper, we outline our vision on building the connected, undifferentiated group model and compare it with classic access control models such as LBAC, Domain and Type Enforcement [28] and RBAC. We show that our proposed connected, undifferentiated group model can express such policies and conveniently handle more dynamic information sharing scenarios.…”

Section: Introductionmentioning

confidence: 99%

Group-Centric Models for Secure and Agile Information Sharing

Sandhu

Krishnan

Niu

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.To share information and retain control (share-but-protect) is a classic cyber security problem for which effective solutions continue to be elusive. Where the patterns of sharing are well defined and slow to change it is reasonable to apply the traditional access control models of lattice-based, role-based and attribute-based access control, along with discretionary authorization for further fine-grained control as required. Proprietary and standard rights markup languages have been developed to control what a legitimate recipient can do with the received information including control over its further discretionary dissemination. This dissemination-centric approach offers considerable flexibility in terms of controlling a particular information object with respect to already defined attributes of users, subjects and objects. However, it has many of the same or similar problems that discretionary access control manifests relative to role-based access control. In particular specifying information sharing patterns beyond those supported by currently defined authorization attributes is cumbersome or infeasible. Recently a novel mode of information sharing called group-centric was introduced by these authors. Group-centric secure information sharing (g-SIS) is designed to be agile and accommodate ad hoc patterns of information sharing. In this paper we review g-SIS models, discuss their relationship with traditional access control models and demonstrate their agility relative to these.

show abstract

“…Our current implementation is limited to filesystems, but the same approach should be generalized to these other namespaces. To confront the practical challenges connected with virtualizing network stacks, we plan to draw on the wisdom of the Vimage project 3 for FreeBSD [15]. 2 The sudoer-style matching and aliasing are not yet implemented 3 http://www.tel.fer.hr/zec/BSD/vimage/…”

Section: Overviewmentioning

confidence: 99%